Book Image

Purple Team Strategies

By : David Routin, Simon Thoores, Samuel Rossier
Book Image

Purple Team Strategies

By: David Routin, Simon Thoores, Samuel Rossier

Overview of this book

With small to large companies focusing on hardening their security systems, the term "purple team" has gained a lot of traction over the last couple of years. Purple teams represent a group of individuals responsible for securing an organization’s environment using both red team and blue team testing and integration – if you’re ready to join or advance their ranks, then this book is for you. Purple Team Strategies will get you up and running with the exact strategies and techniques used by purple teamers to implement and then maintain a robust environment. You’ll start with planning and prioritizing adversary emulation, and explore concepts around building a purple team infrastructure as well as simulating and defending against the most trendy ATT&CK tactics. You’ll also dive into performing assessments and continuous testing with breach and attack simulations. Once you’ve covered the fundamentals, you'll also learn tips and tricks to improve the overall maturity of your purple teaming capabilities along with measuring success with KPIs and reporting. With the help of real-world use cases and examples, by the end of this book, you'll be able to integrate the best of both sides: red team tactics and blue team security measures.
Table of Contents (20 chapters)
1
Part 1: Concept, Model, and Methodology
6
Part 2: Building a Purple Infrastructure
12
Part 3: The Most Common Tactics, Techniques, and Procedures (TTPs) and Defenses
14
Part 4: Assessing and Improving

Chapter 1: Contextualizing Threats and Today's Challenges

In a continuously evolving digital world, where all services have become increasingly dematerialized, cybersecurity has become strategic. Unfortunately, this vision is not always shared between all stakeholders in an organization. Depending on your point of view, whether you are managing finance or directly dealing with cybersecurity issues, the will to invest in cybersecurity initiatives will differ. However, the need for the alignment of cybersecurity priorities across an organization becomes obvious once the organization suffers a security breach.

These breaches can impact anyone, anywhere, at any time. Nowadays, organizations tend to have an assume-breach position. Thus, the mantra:

"It's not a matter of if, but when, the breach will occur."

This chapter will introduce the general threat landscape, allowing us to understand adversaries and their motivations, as well as the overall security environment. This will help us understand their aims and methods before they can add our name to their hunting board.

Organizations often rely on red and blue teams (whether internal or outsourced) to enhance their security posture. This arrangement works well in theory, but it is a different story in real life. We will describe the current issues and pitfalls with this binary approach, and suggest the need for a new methodological framework that relies on multiple purple team strategies.

The lack of unified cybersecurity methodologies and controls has lead the various regulators to develop different frameworks to enforce the convergence of red and blue teams, hence purple teaming.

In this chapter, we're going to cover the following main topics:

  • General introduction to the threat landscape
  • Types of threat actors
  • Key definitions for purple teaming
  • Challenges with today's approach
  • Regulatory landscape